package com.luobd.bpm.config.security;

import com.luobd.bpm.business.user.service.IAuthService;
import com.luobd.bpm.common.utils.JWTUtil;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

import javax.annotation.Resource;


@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {


    @Resource
    private AuthenticationFailHandler authenticationFailHandler;


    @Resource
    private JWTUtil jwtUtil;


    @Resource
    private IAuthService authService;


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // 所有api接口都需要认证
                // 登录模块放开
                .antMatchers("/api/auth/*").permitAll()
                // 不拦截OPTION请求
                .antMatchers(HttpMethod.OPTIONS).permitAll()
                // 所有swagger资源放开
                .antMatchers("/swagger-ui.html").permitAll()
                .antMatchers("/v2/**").permitAll()
                .antMatchers("/webjars/**").permitAll()
                .antMatchers("/swagger-resources/**").permitAll()
                .antMatchers("/doc.html").permitAll()
                .antMatchers("/api/**").authenticated();

        // 禁用session
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // 配置认证失败处理器
        http.exceptionHandling()
                .authenticationEntryPoint(authenticationFailHandler);

        JWTAuthenticationFilter filter = new JWTAuthenticationFilter(authenticationManager(), jwtUtil, authService);

        http.addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class);

        // 开启跨域支持
        http.cors().configurationSource(corsConfigurationSource()).and().csrf().disable();

    }


    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.addAllowedOriginPattern("*");
        configuration.addAllowedMethod("*");
        configuration.addAllowedHeader("*");
        configuration.setAllowCredentials(true);
        configuration.setMaxAge(3600L);

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/api/**", configuration);
        return source;
    }


    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        super.configure(auth);
    }


    protected AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManager();
    }
}
